| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aTcPC64WcM3S2SQE@horms.kernel.org>
Date: Mon, 8 Dec 2025 17:46:51 +0000
From: Simon Horman <horms@...nel.org>
To: Dharanitharan R <dharanitharan725@...il.com>
Cc: syzbot+5dd615f890ddada54057@...kaller.appspotmail.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Edward Adam Davis <eadavis@...com>
Subject: Re: [PATCH] net: atm: lec: add pre_send validation to avoid
uninitialized
+ Edward
On Sun, Dec 07, 2025 at 04:14:53AM +0000, Dharanitharan R wrote:
> syzbot reported a KMSAN uninitialized-value crash caused by reading
> fields from struct atmlec_msg before validating that the skb contains
> enough linear data. A malformed short skb can cause lec_arp_update()
> and other handlers to access uninitialized memory.
>
> Add a pre_send() validator that ensures the message header and optional
> TLVs are fully present. This prevents all lec message types from reading
> beyond initialized skb data.
>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-by: syzbot+5dd615f890ddada54057@...kaller.appspotmail.com
> Tested-by: syzbot+5dd615f890ddada54057@...kaller.appspotmail.com
No blank lines between tags please.
>
> Closes: https://syzkaller.appspot.com/bug?extid=5dd615f890ddada54057
Likewise here.
>
> Signed-off-by: Dharanitharan R <dharanitharan725@...il.com>
But more importantly, this seems to duplicate another patch
that is under review:
* [PATCH net v3] net: atm: implement pre_send to check input before sending
https://lore.kernel.org/all/tencent_4312C2065549BCEEF0EECACCA467F446F406@qq.com/
Powered by blists - more mailing lists